You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Sep 17, 2023. It is now read-only.
sherlock-admin opened this issue
Mar 13, 2023
· 0 comments
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
_decreaseCurrentMinted is using the wrong parameter, which will practically break the whole protocol
Vulnerability Detail
The function is used in both burn and burnFrom. If the accountMinted is more than the amount, then it updates currentMinted[msg.sender]. While that works for burn, it doesnt work for burnFrom, which can lead to catastrophic consequences, because burnFrom can be used to reset the mintLimit and technically mint more tokens than possible. I've proved that by slightly modifying your test suite.
it("Should allow vaults to mint up to mintLimit",async()=>{awaittau.connect(vaultPlaceholder).mint(vaultPlaceholder.address,1000);expect((awaittau.balanceOf(vaultPlaceholder.address))).to.equal(1000);constpreAttackerBalance=awaittau.balanceOf(attacker.address);awaittau.connect(attacker).mint(attacker.address,1);expect((awaittau.balanceOf(attacker.address)).sub(preAttackerBalance)).to.equal(1);awaittau.connect(attacker).approve(vaultPlaceholder.address,1);expect(awaittau.allowance(attacker.address,vaultPlaceholder.address)).to.equal(1);expect(awaittau.currentMinted(vaultPlaceholder.address)).to.equal(1000);expect(awaittau.currentMinted(attacker.address)).to.equal(1);awaittau.connect(vaultPlaceholder).burnFrom(attacker.address,1);expect(awaittau.currentMinted(vaultPlaceholder.address)).to.equal(0);expect(awaittau.currentMinted(attacker.address)).to.equal(1);awaittau.connect(vaultPlaceholder).mint(vaultPlaceholder.address,1000);expect((awaittau.balanceOf(vaultPlaceholder.address))).to.equal(2000);});
Last, but not least the burnFrom function is used in several places through the code, meaning all of these are impacted by the vulnerability.
function burn(uint256amount) publicvirtualoverride {
address account =_msgSender();
_burn(account, amount);
_decreaseCurrentMinted(account, amount);
}
/** * @dev Destroys `amount` tokens from `account`, deducting from the caller's * allowance. Also decreases the burner's currentMinted amount if the burner is a vault. * * See {ERC20-_burn} and {ERC20-allowance}. * * Requirements: * * - the caller must have allowance for ``accounts``'s tokens of at least * `amount`. */function burnFrom(addressaccount, uint256amount) publicvirtualoverride {
// 1. burn 1 token from another vaultsuper.burnFrom(account, amount);
_decreaseCurrentMinted(account, amount);
}
function _decreaseCurrentMinted(addressaccount, uint256amount) internalvirtual {
// If the burner is a vault, subtract burnt TAU from its currentMinted.// This has a few highly unimportant edge cases which can generally be rectified by increasing the relevant vault's mintLimit.// 2. another vault balance >= amount// 3. currentMinter[msg.sender] = another vault balance - amount;uint256 accountMinted = currentMinted[account];
if (accountMinted >= amount) {
currentMinted[msg.sender] = accountMinted - amount;
}
}
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
DuplicateA valid issue that is a duplicate of an issue with `Has Duplicates` labelMediumA valid Medium severity issueRewardA payout will be made for this issue
bytes032
high
Vaults can mint unlimit amount of tokens
Summary
_decreaseCurrentMinted
is using the wrong parameter, which will practically break the whole protocolVulnerability Detail
The function is used in both burn and burnFrom. If the accountMinted is more than the amount, then it updates
currentMinted[msg.sender]
. While that works forburn
, it doesnt work forburnFrom
, which can lead to catastrophic consequences, because burnFrom can be used to reset the mintLimit and technically mint more tokens than possible. I've proved that by slightly modifying your test suite.https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/test-hh/00_TAU.ts#L81-L102
Last, but not least the burnFrom function is used in several places through the code, meaning all of these are impacted by the vulnerability.
https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Vault/BaseVault.sol#L303
https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Vault/BaseVault.sol#L380
https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/Vault/TauDripFeed.sol#L56
Impact
Vaults can mint unlimited amount of tokens
Code Snippet
https://github.com/sherlock-audit/2023-03-taurus/blob/main/taurus-contracts/contracts/TAU.sol#L58-L90
Tool used
Manual review
Recommendation
Change the code in the following way
Duplicate of #149
The text was updated successfully, but these errors were encountered: